Rewterz Threat Advisory – Multiple Trend Micro Apex Central Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-38624 CVSS:4.2

Trend Micro Apex Central is vulnerable to server-side request forgery (SSRF), caused by a flaw in the modTMSL module. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack and obtain sensitive information in the context of the service account.

CVE-2023-38625 CVSS:4.2

Trend Micro Apex Central is vulnerable to server-side request forgery (SSRF), caused by a flaw in the modDeepSecurity module. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack and obtain sensitive information in the context of the service account.

CVE-2023-38626 CVSS:4.2

Trend Micro Apex Central is vulnerable to server-side request forgery (SSRF), caused by a flaw in the modVulnerabilityProtect module. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack and obtain sensitive information in the context of the service account.

CVE-2023-38627 CVSS:4.2

Trend Micro Apex Central is vulnerable to server-side request forgery (SSRF), caused by a flaw in the modTXSO module. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack and obtain sensitive information in the context of the service account.

Impact

  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-38624
  • CVE-2023-38625
  • CVE-2023-38626
  • CVE-2023-38627

Affected Vendors

Trend Micro

Affected Products

  • Trend Micro Apex Central 2019

Remediation

Refer to the Trend Micro Security Advisory for patch, upgrade, or suggested workaround information.

Trend Micro Security Advisory